Subj : Re: NetBSD 10
To   : Arelor
From : Gamgee
Date : Wed Apr 03 2024 08:59 pm

-=> Arelor wrote to Gamgee <=-

 Ar>   Re: Re: NetBSD 10
 Ar>   By: Gamgee to Arelor on Wed Apr 03 2024 07:49 am

 > As I said in a previous reply, we may be talking about different
 > use-cases of whatever *nix ...  My case is a simple home LAN scenario,
 > not commercial or large-scale.  I solve privelege/access issues like
 > *nix always has - with user/group settings.  And even that is pretty
 > limited, as I'm basically the only user on my systems.  Wife is a
 > confirmed Win-droid.  :-)

 Ar> The thing is the traditional *nix user/group settings (which I
 Ar> actually like) are designed to define what an user can and cannot
 Ar> do, in an environment where multiple *nix users share the same
 Ar> machine. They were created under the assumption that every
 Ar> process an user launches is an agent of the will of the user, and
 Ar> therefore should have the same access levels as the user.

Yes, I can see that.

 Ar> In a scenario in which 20 users are timesharing and your main
 Ar> interest is preventing a rogue user from messing up with the rest
 Ar> of the users, that model is fucking great.

ACK.

 Ar> The issue is that, as an user, you often don't want your
 Ar> processes to access everything you can access yourself. I can't
 Ar> think of a legit reason for a calculator app to access your SSH
 Ar> and GnuPG keys, for example. Given that modern users run a whole
 Ar> lot of untrusted code, much more than in the old timesharing
 Ar> days, it makes sense to ensure it does not interfere with
 Ar> anything else the user is doing.

That makes good sense, although I will admit to never really thinking of 
it like that.

 Ar> I think this sort of privilege segmentation is one of those
 Ar> things Android got actually right and Linux is struggling with.
 Ar> It is not that users "need" it, but it makes for great system
 Ar> hygiene and actually makes it hard for some Chinesse hacker to
 Ar> read your emails because you opened a poisoned *.jpg.

Agreed and understood.  Again something I haven't thought much about, and 
indeed don't worry too much about.


.... Beauty is only skin deep, but ugly goes all the way to the bone.
=== MultiMail/Linux v0.52
--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

.